
<!DOCTYPE html>
<html lang="zh" class="loading">
<head>
    <meta charset="UTF-8" />
    <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />
    <meta name="viewport" content="width=device-width, minimum-scale=1.0, maximum-scale=1.0, user-scalable=no">
    <title>Flask[相逢] - 二月の档案室</title>
    <meta name="apple-mobile-web-app-capable" content="yes" />
    <meta name="apple-mobile-web-app-status-bar-style" content="black-translucent">
    <meta name="google" content="notranslate" />
    <meta name="keywords" content="二月,"> 
    <meta name="description" content="所感所想，所言所行，我将以文字记录我自己。,表单用户使用表单向服务器提交信息，例如最常见的登录。
那么如何在html页面里提交表单，以及flask如何处理表单数据？以及表单敏感信息如何存储。
HTML登录页面中的form表单
12345&amp;lt,"> 
    <meta name="author" content="Allureluoli"> 
    <link rel="alternative" href="atom.xml" title="二月の档案室" type="application/atom+xml"> 
    <link rel="icon" href="/img/favicon.png"> 
    
    
    
    <meta name="twitter:card" content="summary"/>
    <meta name="twitter:title" content="Flask[相逢] - 二月の档案室"/>
    <meta name="twitter:description" content="所感所想，所言所行，我将以文字记录我自己。,表单用户使用表单向服务器提交信息，例如最常见的登录。
那么如何在html页面里提交表单，以及flask如何处理表单数据？以及表单敏感信息如何存储。
HTML登录页面中的form表单
12345&amp;lt,"/>
    
    
    
    
    <meta property="og:site_name" content="二月の档案室"/>
    <meta property="og:type" content="object"/>
    <meta property="og:title" content="Flask[相逢] - 二月の档案室"/>
    <meta property="og:description" content="所感所想，所言所行，我将以文字记录我自己。,表单用户使用表单向服务器提交信息，例如最常见的登录。
那么如何在html页面里提交表单，以及flask如何处理表单数据？以及表单敏感信息如何存储。
HTML登录页面中的form表单
12345&amp;lt,"/>
    
<link rel="stylesheet" href="/css/diaspora.css">

    <script>window.searchDbPath = "/search.xml";</script>
    <link rel="preconnect" href="https://fonts.googleapis.com">
    <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
    <link href="https://fonts.googleapis.com/css2?family=Source+Code+Pro&display=swap" rel="stylesheet">
<meta name="generator" content="Hexo 6.3.0"></head>

<body class="loading">
    <span id="config-title" style="display:none">二月の档案室</span>
    <div id="loader"></div>
    <div id="single">
    <div id="top" style="display: block;">
    <div class="bar" style="width: 0;"></div>
    <a class="iconfont icon-home image-icon" href="javascript:;" data-url="http://example.com"></a>
    <div title="播放/暂停" class="iconfont icon-play"></div>
    <h3 class="subtitle">Flask[相逢]</h3>
    <div class="social">
        <div>
            <div class="share">
                <a title="获取二维码" class="iconfont icon-scan" href="javascript:;"></a>
            </div>
            <div id="qr"></div>
        </div>
    </div>
    <div class="scrollbar"></div>
</div>

    <div class="section">
        <div class="article">
    <div class='main'>
        <h1 class="title">Flask[相逢]</h1>
        <div class="stuff">
            <span>七月 06, 2023</span>
            
  <ul class="post-tags-list" itemprop="keywords"><li class="post-tags-list-item"><a class="post-tags-list-link" href="/tags/Flask/" rel="tag">Flask</a></li><li class="post-tags-list-item"><a class="post-tags-list-link" href="/tags/Python/" rel="tag">Python</a></li></ul>


        </div>
        <div class="content markdown">
            <h1 id="表单"><a href="#表单" class="headerlink" title="表单"></a>表单</h1><p>用户使用表单向服务器提交信息，例如最常见的登录。</p>
<p>那么如何在html页面里提交表单，以及flask如何处理表单数据？以及表单敏感信息如何存储。</p>
<p>HTML登录页面中的form表单</p>
<figure class="highlight xml"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line"><span class="tag">&lt;<span class="name">form</span> <span class="attr">action</span>=<span class="string">&quot;/login&quot;</span> <span class="attr">method</span>=<span class="string">&quot;POST&quot;</span>&gt;</span></span><br><span class="line">      <span class="tag">&lt;<span class="name">p</span>&gt;</span>name: <span class="tag">&lt;<span class="name">input</span> <span class="attr">type</span>=<span class="string">&quot;text&quot;</span> <span class="attr">name</span>=<span class="string">&quot;name&quot;</span> /&gt;</span><span class="tag">&lt;/<span class="name">p</span>&gt;</span></span><br><span class="line">      <span class="tag">&lt;<span class="name">p</span>&gt;</span>password: <span class="tag">&lt;<span class="name">input</span> <span class="attr">type</span>=<span class="string">&quot;password&quot;</span> <span class="attr">name</span>=<span class="string">&quot;password&quot;</span> /&gt;</span><span class="tag">&lt;/<span class="name">p</span>&gt;</span></span><br><span class="line">      <span class="tag">&lt;<span class="name">input</span> <span class="attr">type</span>=<span class="string">&quot;submit&quot;</span> <span class="attr">value</span>=<span class="string">&quot;提交&quot;</span> /&gt;</span></span><br><span class="line"><span class="tag">&lt;/<span class="name">form</span>&gt;</span></span><br></pre></td></tr></table></figure>

<ul>
<li>action 设置提交的url</li>
<li>method 设置请求的方法</li>
<li>input标签的type设置为password时，在页面输入信息时不会显示明文</li>
</ul>
<p>服务端接收表单信息的方式如下</p>
<figure class="highlight python"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">@app.route(<span class="params"><span class="string">&#x27;/login&#x27;</span>, methods=[<span class="string">&#x27;GET&#x27;</span>, <span class="string">&#x27;POST&#x27;</span>]</span>)</span></span><br><span class="line"><span class="keyword">def</span> <span class="title function_">do_login</span>():</span><br><span class="line">    <span class="keyword">if</span> request.method == <span class="string">&#x27;GET&#x27;</span>:</span><br><span class="line">        <span class="keyword">return</span> render_template(<span class="string">&#x27;login.html&#x27;</span>)</span><br><span class="line">    <span class="keyword">else</span>:</span><br><span class="line">        name = request.form[<span class="string">&#x27;name&#x27;</span>]</span><br><span class="line">        password = request.form[<span class="string">&#x27;password&#x27;</span>]</span><br><span class="line">        <span class="keyword">if</span> name == <span class="string">&#x27;python&#x27;</span>:</span><br><span class="line">            <span class="keyword">return</span> render_template(<span class="string">&#x27;index.html&#x27;</span>, name=name)</span><br><span class="line">        <span class="keyword">else</span>:</span><br><span class="line">            <span class="keyword">return</span> redirect(<span class="string">&#x27;/login&#x27;</span>)</span><br></pre></td></tr></table></figure>

<p>通过request.form来获取表单信息，然后对用户输入的用户名和密码做校验。为了演示，这里省去了数据库查询的逻辑，简化了过程。</p>
<p>生产环境下，用户的密码也并不是明文存储，例子注册网站账号时，填写的密码是888888，网站不会明文存储这个密码，简易的方法为存储它的md5值</p>
<figure class="highlight python"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">import</span> hashlib</span><br><span class="line">password = <span class="string">&#x27;888888&#x27;</span></span><br><span class="line">bpwd = <span class="built_in">bytes</span>(password, encoding=<span class="string">&#x27;utf-8&#x27;</span>)</span><br><span class="line"></span><br><span class="line">m = hashlib.md5()</span><br><span class="line">m.update(bpwd)</span><br><span class="line"></span><br><span class="line">md5_pwd = m.hexdigest()</span><br><span class="line"><span class="built_in">print</span>(md5_pwd)</span><br></pre></td></tr></table></figure>

<p>888888的md5值是 21218cca77804d2ba1922c33e0151105，这样，即便你在数据库里看到这个数值，你也不知道它真实的密码是什么。</p>
<blockquote><p>关于md5：md5并非加密算法，而是密码散列函数，它是一种单向函数，也就是说极其难以由散列函数输出的结果，回推输入的数据是什么，但是同一个值经过md5计算后的值是不会发生变化的。</p>
<p>这样，你只要记住21218cca77804d2ba1922c33e0151105是888888的md5值，就可以对user表进行撞库处理了。</p>
<p>关于网上所谓的md5解密，其实就是事先掌握了海量的密码和与之对应的md5值，然后通过md5反向查找原始密码。</p>
<p>md5值作为密码不够安全，你可以使用werkzeug.security模块里的generate_password_hash和check_password_hash函数。</p>
<p>generate_password_hash是密码加盐哈希函数，对同一个密码，每一次加密都会得到不同的值。generate_password_hash是密码验证函数，而并非计算出原始密码。</p>
<footer><strong>@COOLPYTHON</strong><cite><a target="_blank" rel="noopener" href="http://www.coolpython.net/flask_tutorial/basic/route.html">www.coolpython.net/flask_tutorial/basic/route.html</a></cite></footer></blockquote>



<p>下面是一段示例代码</p>
<figure class="highlight python"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">from</span> werkzeug.security <span class="keyword">import</span> generate_password_hash, check_password_hash</span><br><span class="line"></span><br><span class="line"><span class="comment"># 对密码进行加密</span></span><br><span class="line">password = generate_password_hash(<span class="string">&quot;888888&quot;</span>)</span><br><span class="line"><span class="built_in">print</span>(password)</span><br><span class="line"></span><br><span class="line"><span class="comment"># 检查密码是否正确</span></span><br><span class="line">result = check_password_hash(password, <span class="string">&#x27;888888&#x27;</span>)</span><br><span class="line"><span class="built_in">print</span>(result)</span><br></pre></td></tr></table></figure>

<p>多次运行你就会发现，每次得到的password都是不同的，但是check_password_hash都能正确验证。</p>
<p>使用这两个函数，就绝对能够防止破解了么？并非如此，黑客还是可以在得到user表后进行暴力破解，但是暴力破解的难度和成本都增加了。</p>
<p>888888经过generate_password_hash函数处理后，会得到无数种加密结果，因此，就无法维护一个加密结果与原始密码的映射表，当你拿到一个加密后的密码后，你当然可以使用check_password_hash(password, ‘888888’)来判断这个密码是不是888888加密后的结果。</p>

            <!--[if lt IE 9]><script>document.createElement('audio');</script><![endif]-->
            <audio id="audio" loop="1" preload="auto" controls="controls" data-autoplay="true">
                <source type="audio/mpeg" src="">
            </audio>
            
                <ul id="audio-list" style="display:none">
                    
                        
                            <li title="0" data-url="https://webfs.ali.kugou.com/202307041713/4c5c9c66054ff1b1e920cbadbb47ec17/v2/c39d8792fe8a2cd84414ee5d2642f870/G199/M03/1B/10/p5QEAF4oPP-AUpsZACo25HetF6U984.mp3"></li>
                        
                    
                        
                            <li title="1" data-url="https://webfs.ali.kugou.com/202307041713/4c5c9c66054ff1b1e920cbadbb47ec17/v2/c39d8792fe8a2cd84414ee5d2642f870/G199/M03/1B/10/p5QEAF4oPP-AUpsZACo25HetF6U984.mp3"></li>
                        
                    
                </ul>
            
        </div>
        
        
    <div id="gitalk-container" class="comment link"
		data-enable="false"
        data-ae="false"
        data-ci=""
        data-cs=""
        data-r=""
        data-o=""
        data-a=""
        data-d="false"
    >查看评论</div>


    </div>
    
</div>


    </div>
</div>
</body>


<script src="//lib.baomitu.com/jquery/1.8.3/jquery.min.js"></script>
<script src="/js/plugin.js"></script>
<script src="/js/typed.js"></script>
<script src="/js/diaspora.js"></script>


<link rel="stylesheet" href="/photoswipe/photoswipe.css">
<link rel="stylesheet" href="/photoswipe/default-skin/default-skin.css">


<script src="/photoswipe/photoswipe.min.js"></script>
<script src="/photoswipe/photoswipe-ui-default.min.js"></script>


<!-- Root element of PhotoSwipe. Must have class pswp. -->
<div class="pswp" tabindex="-1" role="dialog" aria-hidden="true">
    <!-- Background of PhotoSwipe. 
         It's a separate element as animating opacity is faster than rgba(). -->
    <div class="pswp__bg"></div>
    <!-- Slides wrapper with overflow:hidden. -->
    <div class="pswp__scroll-wrap">
        <!-- Container that holds slides. 
            PhotoSwipe keeps only 3 of them in the DOM to save memory.
            Don't modify these 3 pswp__item elements, data is added later on. -->
        <div class="pswp__container">
            <div class="pswp__item"></div>
            <div class="pswp__item"></div>
            <div class="pswp__item"></div>
        </div>
        <!-- Default (PhotoSwipeUI_Default) interface on top of sliding area. Can be changed. -->
        <div class="pswp__ui pswp__ui--hidden">
            <div class="pswp__top-bar">
                <!--  Controls are self-explanatory. Order can be changed. -->
                <div class="pswp__counter"></div>
                <button class="pswp__button pswp__button--close" title="Close (Esc)"></button>
                <button class="pswp__button pswp__button--share" title="Share"></button>
                <button class="pswp__button pswp__button--fs" title="Toggle fullscreen"></button>
                <button class="pswp__button pswp__button--zoom" title="Zoom in/out"></button>
                <!-- Preloader demo http://codepen.io/dimsemenov/pen/yyBWoR -->
                <!-- element will get class pswp__preloader--active when preloader is running -->
                <div class="pswp__preloader">
                    <div class="pswp__preloader__icn">
                      <div class="pswp__preloader__cut">
                        <div class="pswp__preloader__donut"></div>
                      </div>
                    </div>
                </div>
            </div>
            <div class="pswp__share-modal pswp__share-modal--hidden pswp__single-tap">
                <div class="pswp__share-tooltip"></div> 
            </div>
            <button class="pswp__button pswp__button--arrow--left" title="Previous (arrow left)">
            </button>
            <button class="pswp__button pswp__button--arrow--right" title="Next (arrow right)">
            </button>
            <div class="pswp__caption">
                <div class="pswp__caption__center"></div>
            </div>
        </div>
    </div>
</div>






</html>
